1

AFCEA Hawaii Chapter

14 APR 2015

James H. Mills, CAPT, USN

Discla imer: The views presented here are those of the speaker and do not necessarily represent the views of the DoD or DoN.

This briefing is unclassified.

Command Mission Snapshot

Context of the naval environment

The maritime strategy big picture

Maritime challenges

Trends and Game Changers

Strategic relevance of cyberspace

Cyberspace imperatives

Cyberspace as a domain of warfare

Trends and implications

Enterprise priorities

Way Forward

2

Voyage plan for this presentation…

“Eyes and ears” of the Pacific Fleet Support Fleet and National

Information Warfare and cryptologic missions Training, Direct Support,

Electronics Support, Planning Signals Intelligence, I&W, Signals

Analysis Information Operations Cyberspace operations

3

NIOC HI Mission Snapshot

NIOC Hawaii - Excellence in Action

Man, train, and equip Pacific elements of the Cyber Mission Force

Support SIGINT, IO, and cyberspace missions PACFLT, C7F, C3F COMFLTCYBERCOM, C10F,

JFHQ-Cyber COMNAVIDFOR – TYCOM

Continued evolution since 2009

2014 NAVIDFOR, JFHQ-Cyber role

Enterprise focus

Operate the Network as a WarfightingPlatform

Conduct tailored Signals Intelligence

Deliver warfighting effects through cyberspace

Create shared Cyber situational awareness

Establish and mature Navy’s Cyber Mission Force

4

FCC/C10F Strategic Vantage

AFCEA West 2015: VADM Tighe,Answering the Evolving Threat on YouTube

Globalization

Migration

Natural resources competition

Arctic opening

Piracy

Smuggling

Regional competitors

HADR impact

5

Trends in the Maritime

The Maritime commons is the lifeblood of the global economic system.

Trends

Rise in volume of digitized data

Dynamic threat

Weak control of intellectual property

Lower “system” confidence (assurance, trust, resilience)

Insufficient cadre of expertise

Cyber Domain Challenges

Social & economic cyber dependency

Finding right mix of kinetic & cyber

Fiscal constraints

Organizational churn

Technology change outpaces acquisition

Seams emerging at the tactical edge

Rise of peer competitors

Environmental Challenges

Revitalize investment in cadre of expertise

Cultivate acquisition agility

Attain unity of effort

Ensure “Assured C2”

Build in “trust” and “resilience”

Indicators Imply…

Disruptive Technologies• Cloud Computing

• Virtualization

• Autonomous Vehicles

• Augmented Reality

• Data center advances

• Plastic Electronics

• Social Computing

• Mobility & Pervasive Sensing

• Machine Learning

• Hull innovation

• New warship class

7

“Game Changers”

Steam Propulsion

Torpedo Ironclads

Dreadnoughts

Coal

Carrier aviation

Over the Horizon

Submarine warfare

Amphibious warfare

Nuclear power

Precision Guided Munitions

Network Centric Warfare

Autonomous systems

?

8

Cyberspace: Military Imperative

“Enemies in the future, however, need not destroy our aircraft, ships, or tanks to reduce our conventional and even nuclear effectiveness. A well-timed and executed cyber attack may prove just as severe and destructive as a conventional attack.”

General James N. Mattis (USMC), Commander, United States Joint Forces Command

National Military Strategy for Cyberspace Operations (2006) (declassified 2008)

DoD’s role:

Defense of the Nation

National incident response

Critical infrastructure protection

Strategic priorities:

Gain and maintain the initiative to operate within adversary decision cycles.

Integrate capabilities across full range of military operations using cyberspace.

Build capacity for cyberspace operations

Manage risk to cyberspace operations

9

Cyber Warfare: An armed conflict conducted in whole or part by cyber means. Military operations conducted to deny an opposing force the effective use of cyberspace systems and weapons in a conflict. It includes cyber attack, cyber defense, and cyber enabling actions.

(From Joint Terminology for Cyberspace Operations)

Cyber War Defined (2010)

10

“Cyber” as a Domain of Warfare

Another means of national power and influence

Use of Spectrum

Info Operations

Networks & NetOps

Command & Decision

Critical Infrastructure

Cyber Intelligence

Assurance & Trust

Supporting Most recent operations have had IW/IO/”Cyber” as a

supporting element

Disrupt/degrade: C2, IADS; MILDEC; CNE

IW/IO/”Cyber” continues in supporting role in military planning and execution

CNA/CNE largely at strategic level control

Tactics and organization mature

Supported Shift beginning where operation may be solely Cyber or a

supported Cyber operation

Value of non-kinetic greater as Cyber capabilities mature

Shift to allow more Cyber ops at operational and tactical levels of war

Tactics and organization still maturing

11

Supporting Supported

Modern combat systems, weapons and platforms are increasingly software intensive (F-22, JSF…)

Use of Cyberphysical(embedded network) systems growing in DoD

SCADA, machinery control, critical navigation, damage control

Supply chain increasingly from untrusted entities

Primary C2 systems rely on information networks

Data breaches degrade operations

12

Why should you care?

Case targets

microchips sold to

Navy

(Sep. 15, 2010)

2008 Buckshot Yankee (USB)

F-22 Squadron Shot Down by the

International Date Line (2007)

2010

Pentagon ‘Aware’ of China

Internet Rerouting (Nov. 2010)

Computer Spies Breach

Fighter-Jet Project

(April 21, 2009)

US Says Iran Hacked Navy

Computers (Sept. 27, 2013)

US Sanctions North Korea Over

Sony Hack (Jan. 2, 2015)TIME

Nature of Cyber Warfare We operate, attack and defend on the

same platform as the adversaries

Threat characterization and attribution are challenging

Offense and defense have similar features

Industry drives cyberspace technology

Public, high profile adversary successes will breed additional actors Inexpensive, anonymous and effective

Cyber operations require a force that lives “on-the-network”

Global Cyber Common Operational Picture

Predictive cyber threat/response capability

Integrated NetOps, Attack, Defense, Exploit operations

13State, Non-State Actors and Individuals All Operate Within Cyberspace

McAfee, November 2010

BBC, Visualising the Internet, January 2010

FLTCYBERCOM

Perspective

From RDML Leigher brief, 18NOV10, graphics updated.

14

Attack trends

Platform for Propaganda Hacktivism Arab / Israeli conflicts Terrorist recruitment

Political consequence US/China Hacker Wars Iran, Tunisia, Egypt social media North Korea

Disruption Estonia Stuxnet Aramco

Exploitation Operation Aurora Internet Hijacking

Decisive Effects (combined) Georgia, Ukraine 15

Political Aims in Cyber “War”

Rise in volume of digitized data

Dynamic threat

Weak control of intellectual property

Lower “system” confidence (assurance, trust, resilience)

Insufficient cadre of expertise

Cyber Domain Challenges

Example: Chinese Activity

16

Chinese embassy accidental bombing

EP-3E forced landing“Sino-US ‘Hacker War’”

Exploitation campaign

DoD program dataexfiltration

US Naval War College

Source: US-China Economic and Security Review Commission Report (2010)

Chinese Strategy PLA actively developing Computer Network Ops capabilities,

strategy and training

Open press reports of 60,000 in Cyber War corps

Achieve information dominance

Seize control of information flow and establish information dominance

Integrate network and electronic warfare

Coordinated network and EW effects

Focus on C2 and logistics

Non-kinetic first (degrade info systems) then force-on-force

Degrade civilian cyber infrastructure that supports military ops

Deny or degrade C2 (DDoS, false data, EW)

View of CNO as a strategic deterrent comparable to nuclear weapons

17Source: US-China Economic and Security Review Commission Report (2010)

“A victorious army first wins and then seeks battle. A defeated army first battles and then seeks victory.”

Sun Tzu, The Art of War

18

Defense: Layered, Adapt to Risk, Active

Traditional model of defense in depth (Liu/Ormaner)

Cyber Situational Awareness

Information Assurance &

SystemsEngineering

DefensiveManeuver

Force

Reducing Attack Surface(Patching, SW

currency, firewall

policies, etc)

Cyber Key Terrain

Protection & Assured C2

Community Info Sharing

Expert Workforc

e

Something to think about…AirSea Battle & A2/AD

Cyber dimension

19Source: Why AirSea Battle? Krepinevich, 2010.

20

How to Help Support local and enterprise STEM efforts

People are our competitive advantage

“Bake in security” vice “bolt on”

Invest in systems engineering expertise in design and acquisition

Develop a trusted supply chain and take a systems-wide resilience approach

Participate in cybersecurity sharing venues

Develop and deliver enhanced cyber situational awareness tools

Tune operations to cyber “attack” risk

Key terrain analysis

Continuity of Operations

Vital information protection

Questions?21

Information’s Global Commons

22

What is cyberspace?

(From TRADOC Cyberspace Operations Concept Capability Plan, 2010)

DoD defined, May 2008

Motivations:

Sponsored warfare (Assure, Dissuade, Deter, Defeat)

Terrorism (Propaganda, Influence)

Commercial interest ($, IP)

Criminal activity ($, corruption)

Hacking ($, challenge) 23

Network Attacks: Method & Adversaries

National Infrastructure attack surface and methods. (Amoroso)

Adversaries and exploitation points. (Amoroso)

Factors leading to breaches.(Liu, Cheng)

24

Terms of Reference• Computer Network Attack: A category of fires employed for offensive purposes in which actions are

taken through the use of computer networks to disrupt, deny, degrade, manipulate, or destroy information resident in the target information system or computer networks, or the systems / networks themselves.

• Computer Network Exploitation: Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data about target or adversary automated information systems or networks.

• Counter-Cyber: A mission that integrates offensive and defensive operations to attain and maintain a desired degree of cyberspace superiority.

• Cyber Attack: A hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or functions.

• Cyber Defense: The integrated application of DoD or US Government cyberspace capabilities and processes to synchronize in real-time the ability to detect, analyze and mitigate threats and vulnerabilities, and outmaneuver adversaries, in order to defend designated networks, protect critical missions, and enable US freedom of action.

• Cyberspace Operations: The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace.

• Cyberspace Superiority: The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land, air, sea, and space forces at a given time and sphere of operations without prohibitive interference by an adversary.

• Cyber warfare: An armed conflict conducted in whole or part by cyber means.

• Network Operations (NetOps): Activities conducted to operate and defend the DoD’s Global Information Grid.

See “Joint Terminology for Cyberspace Operations” for complete and additional definitions.